Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ns-2_firmware by akuvox

    CVE-2024-58337 (GCVE-0-2024-58337)

    Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
    VLAI
    Title
    Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
    Summary
    Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    The Akuvox Company Akuvox Smart Doorphone Affected: S539
    Affected: S532
    Affected: X916
    Affected: X915
    Affected: X912
    Create a notification for this product.
    The Akuvox Company Akuvox Smart Intercom Affected: R20K-2
    Affected: R20A-2
    Affected: C313W-2
    Affected: NS-2
    Affected: NC-2
    Affected: NX-2
    Create a notification for this product.
    Date Public
    2024-11-26 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58337",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-02T14:24:35.516682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-02T14:38:57.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Akuvox Smart Doorphone",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "S539"
                },
                {
                  "status": "affected",
                  "version": "S532"
                },
                {
                  "status": "affected",
                  "version": "X916"
                },
                {
                  "status": "affected",
                  "version": "X915"
                },
                {
                  "status": "affected",
                  "version": "X912"
                }
              ]
            },
            {
              "product": "Akuvox Smart Intercom",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "R20K-2"
                },
                {
                  "status": "affected",
                  "version": "R20A-2"
                },
                {
                  "status": "affected",
                  "version": "C313W-2"
                },
                {
                  "status": "affected",
                  "version": "NS-2"
                },
                {
                  "status": "affected",
                  "version": "NC-2"
                },
                {
                  "status": "affected",
                  "version": "NX-2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2024-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T19:00:19.517Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/182870/"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2024110042"
            },
            {
              "name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
            }
          ],
          "title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58337",
        "datePublished": "2025-12-30T22:41:44.989Z",
        "dateReserved": "2025-12-26T17:10:59.894Z",
        "dateUpdated": "2026-01-16T19:00:19.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58336 (GCVE-0-2024-58336)

    Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
    VLAI
    Title
    Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
    Summary
    Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    The Akuvox Company Akuvox Smart Doorphone Affected: S539
    Affected: S532
    Affected: X916
    Affected: X915
    Affected: X912
    Create a notification for this product.
    The Akuvox Company Akuvox Smart Intercom Affected: R20K-2
    Affected: R20A-2
    Affected: C313W-2
    Affected: NS-2
    Affected: NC-2
    Affected: NX-2
    Create a notification for this product.
    Date Public
    2024-08-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58336",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-02T14:24:46.167763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-02T14:39:05.787Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Akuvox Smart Doorphone",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "S539"
                },
                {
                  "status": "affected",
                  "version": "S532"
                },
                {
                  "status": "affected",
                  "version": "X916"
                },
                {
                  "status": "affected",
                  "version": "X915"
                },
                {
                  "status": "affected",
                  "version": "X912"
                }
              ]
            },
            {
              "product": "Akuvox Smart Intercom",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "R20K-2"
                },
                {
                  "status": "affected",
                  "version": "R20A-2"
                },
                {
                  "status": "affected",
                  "version": "C313W-2"
                },
                {
                  "status": "affected",
                  "version": "NS-2"
                },
                {
                  "status": "affected",
                  "version": "NC-2"
                },
                {
                  "status": "affected",
                  "version": "NX-2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2024-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T19:00:19.275Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/180262/"
            },
            {
              "name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
            }
          ],
          "title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58336",
        "datePublished": "2025-12-30T22:41:44.569Z",
        "dateReserved": "2025-12-26T17:10:59.893Z",
        "dateUpdated": "2026-01-16T19:00:19.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58337 (GCVE-0-2024-58337)

    Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
    VLAI
    Title
    Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
    Summary
    Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    The Akuvox Company Akuvox Smart Doorphone Affected: S539
    Affected: S532
    Affected: X916
    Affected: X915
    Affected: X912
    Create a notification for this product.
    The Akuvox Company Akuvox Smart Intercom Affected: R20K-2
    Affected: R20A-2
    Affected: C313W-2
    Affected: NS-2
    Affected: NC-2
    Affected: NX-2
    Create a notification for this product.
    Date Public
    2024-11-26 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58337",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-02T14:24:35.516682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-02T14:38:57.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Akuvox Smart Doorphone",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "S539"
                },
                {
                  "status": "affected",
                  "version": "S532"
                },
                {
                  "status": "affected",
                  "version": "X916"
                },
                {
                  "status": "affected",
                  "version": "X915"
                },
                {
                  "status": "affected",
                  "version": "X912"
                }
              ]
            },
            {
              "product": "Akuvox Smart Intercom",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "R20K-2"
                },
                {
                  "status": "affected",
                  "version": "R20A-2"
                },
                {
                  "status": "affected",
                  "version": "C313W-2"
                },
                {
                  "status": "affected",
                  "version": "NS-2"
                },
                {
                  "status": "affected",
                  "version": "NC-2"
                },
                {
                  "status": "affected",
                  "version": "NX-2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2024-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T19:00:19.517Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/182870/"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2024110042"
            },
            {
              "name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
            }
          ],
          "title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58337",
        "datePublished": "2025-12-30T22:41:44.989Z",
        "dateReserved": "2025-12-26T17:10:59.894Z",
        "dateUpdated": "2026-01-16T19:00:19.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58336 (GCVE-0-2024-58336)

    Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
    VLAI
    Title
    Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
    Summary
    Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    The Akuvox Company Akuvox Smart Doorphone Affected: S539
    Affected: S532
    Affected: X916
    Affected: X915
    Affected: X912
    Create a notification for this product.
    The Akuvox Company Akuvox Smart Intercom Affected: R20K-2
    Affected: R20A-2
    Affected: C313W-2
    Affected: NS-2
    Affected: NC-2
    Affected: NX-2
    Create a notification for this product.
    Date Public
    2024-08-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58336",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-02T14:24:46.167763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-02T14:39:05.787Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Akuvox Smart Doorphone",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "S539"
                },
                {
                  "status": "affected",
                  "version": "S532"
                },
                {
                  "status": "affected",
                  "version": "X916"
                },
                {
                  "status": "affected",
                  "version": "X915"
                },
                {
                  "status": "affected",
                  "version": "X912"
                }
              ]
            },
            {
              "product": "Akuvox Smart Intercom",
              "vendor": "The Akuvox Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "R20K-2"
                },
                {
                  "status": "affected",
                  "version": "R20A-2"
                },
                {
                  "status": "affected",
                  "version": "C313W-2"
                },
                {
                  "status": "affected",
                  "version": "NS-2"
                },
                {
                  "status": "affected",
                  "version": "NC-2"
                },
                {
                  "status": "affected",
                  "version": "NX-2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2024-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T19:00:19.275Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/180262/"
            },
            {
              "name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
            }
          ],
          "title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58336",
        "datePublished": "2025-12-30T22:41:44.569Z",
        "dateReserved": "2025-12-26T17:10:59.893Z",
        "dateUpdated": "2026-01-16T19:00:19.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }